Data and service providers are increasingly adopting application programming interfaces (API) to deliver services through mobile, cloud and web channels. While it is becoming easier to expose and consume these services through APIs, the management of the exposed APIs has become problematic. For example, by exposing APIs, providers are tasked with controlling access to the APIs, metering of the APIs for monetization purpose, throttling of the APIs so that customers will not exceed their quotas, monitoring API latency and availability, and ensuring that only authenticated users are accessing the APIs. Also many providers want to report online and near real-time usage analytics, service availability metrics, and latency statistics of APIs.
Typically, to provide the above, conventional API gateways apply a top-down approach to meter a number of API requests by customers, provide authentication to services, and throttle usage when a customer exceeds a predetermined usage amount. This focus on metering, authentication and throttling by conventional API gateways introduces latency into each request. As such, conventional API gateways within API management systems are able to provide adequate throughput for relatively small payloads, but prove to be deficient in environments where there is a high volume of requests for relatively large payloads.